Hi! Question itself: Thank you for your answer!
Replies: 1 comment 1 reply
Yes, you can do https<>https between the reverse proxy and Vaultwarden.
If all nodes are in your control, then it might be overkill, but if someone could come in-between it could be useful. It just depends on how well you trust your environment.
If someone sniffs the traffic, they could see the encrypted passwords. But there shouldn't be anything crossing the wire which could be used to decrypt the data instantly. They would need to brute-force your master-password first, which is only sent as a hashed value.
They could see icon requests maybe which could disclose sites you have accounts on, but those probably also appear in the reverse proxy logs.
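To illustrate the "only sent as a hashed value" point in the reply above, here is an added example (not part of the original reply and not Vaultwarden's or Bitwarden's own code). It assumes the PBKDF2 scheme described in Bitwarden's published security whitepaper; accounts set to Argon2id derive the key differently, and the email, password and iteration count are constructed sample values.

```python
import base64
import hashlib

# Constructed sample values, not taken from the thread.
SAMPLE_EMAIL = "alice@example.com"
SAMPLE_PASSWORD = "correct horse battery staple"
SAMPLE_ITERATIONS = 600_000  # assumption: the account's configured KDF iterations


def derive_master_key(password: str, email: str, iterations: int) -> bytes:
    """Stretch the master password into the 32-byte master key.

    The salt is the trimmed, lower-cased account email. This key stays on
    the client; it is what ultimately unlocks the vault.
    """
    salt = email.strip().lower().encode("utf-8")
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations, dklen=32
    )


def login_hash(master_key: bytes, password: str) -> str:
    """Derive the value sent to the server at login.

    One further PBKDF2 round over the master key, salted with the master
    password, so the transmitted value is neither the password nor the key.
    """
    digest = hashlib.pbkdf2_hmac(
        "sha256", master_key, password.encode("utf-8"), 1, dklen=32
    )
    return base64.b64encode(digest).decode("ascii")


def login_material(password: str, email: str, iterations: int) -> tuple[str, str]:
    """Return (normalised email, login hash): what an observer between the
    proxy and Vaultwarden would see if that hop were not encrypted."""
    key = derive_master_key(password, email, iterations)
    return email.strip().lower(), login_hash(key, password)


if __name__ == "__main__":
    email, sent = login_material(SAMPLE_PASSWORD, SAMPLE_EMAIL, SAMPLE_ITERATIONS)
    print("sent to server:", email, sent)
    # Testing one candidate password against `sent` costs a full KDF run
    # (SAMPLE_ITERATIONS rounds), which is why a captured hash does not
    # decrypt anything "instantly".
```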